#29217 closed defect (bug) (fixed)
HHVM Fatal error with hash_equals() on WordPress 3.9.2
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 4.0 | Priority: | normal |
Severity: | normal | Version: | 3.9.2 |
Component: | General | Keywords: | has-patch |
Focuses: | Cc: |
Description
The hash_equals() function introduced in r29382 causes lots of fatal errors with HHVM 3.2. It usually happens with custom themes and/or plugins, log says:
\nFatal error: Argument 2 passed to hash_equals() must be an instance of string, null given in /var/www/xyz.com/wp-includes/pluggable.php on line 1662
PHP fails but only issues a warning in these cases, HHVM on the other hand dies.
Is there something we can do about this, or should I pursue a request for the HHVM team to change it from fatal error to a warning too?
Attachments (1)
Change History (5)
Note: See
TracTickets for help on using
tickets.
The error comes from
wp_verify_nonce()
, see tags/3.9.2/src/wp-includes/pluggable.php#L1662, where$nonce
seems to be null.Before [29384]
$nonce
was used inside the condition and is now passed tohash_equals()
. I think we should bail earlier, when$nonce
is empty, see 29217.patch.